A new, improved piece of malware targeted at Windows users has entered the stage. It encrypts ALL of your Windows computer’s document files (.docs, spreadsheets, photos, etc.) as well as any files that it finds in your Dropbox or on your network’s shares, and demands a ransom to decrypt them. It overwrites your original unencrypted files with zeros. Here’s one sad CryptoLocker story.
CryptoLocker is nasty. It apparently propagates via phishing attacks: you know, those emails that contain a malicious link and/or attached file. Supposedly CryptoLocker is delivered by an email that looks like it’s from a legitimate company such as FedEx, UPS, a bank, or other business.
One bad feature of CryptoLocker is that it encrypts every file that it can find and gain write access to: this includes your backup files that reside on any online external drives. If it has a drive letter, its files will be encrypted by CryptoLocker. Here is a YouTube video clip of someone who paid the $300 ransom.
Malwarebytes documents CryptoLocker. The best protection is to use offline backup systems. Carbonite would be immune, as would offline tape backup systems.
Sophos has a good CryptoLocker page with video demo. It notes,
A Naked Security reader just commented that from a single infected computer, he was “faced with 14,786 encrypted files over local and mapped network drives.”
Backup system must include versioning
Let’s assume the worst: your files have been encrypted by CryptoLocker. To ensure that you can restore an unencrypted version of each file, your backup system should include a feature called versioning. You’ll need to select from a backup set that was made before CryptoLocker infected your computer . . . and these earlier versions must be stored offline, or CryptoLocker will encrypt them, too!
Update, 6 Nov 2013: I’ve read that CryptoLocker is distributed via an emailed attachment. The attached file purports to be a PDF file. It is in fact an EXE file. When the victim clicks on the attached file, the attack begins.
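A mail filter can catch the "PDF that is really an EXE" attachment described above by comparing what the attachment claims to be with its first bytes. The following is an added example, not part of the original post; the function names and the sample messages are constructed for illustration, and it goes slightly beyond the post by also flagging double extensions and files that lack a PDF header.

```python
# Added example: flag e-mail attachments that claim to be PDF but are executables.
from email import message_from_bytes, policy
from email.message import EmailMessage

EXE_MAGIC = b"MZ"        # every Windows EXE starts with these two bytes
PDF_MAGIC = b"%PDF-"     # every genuine PDF starts with this header
EXE_SUFFIXES = (".exe", ".scr", ".com", ".pif")

def looks_like_pdf(name, content_type):
    """True if the file name or the declared MIME type presents the part as a PDF."""
    return ".pdf" in name.lower() or content_type == "application/pdf"

def suspicious_attachments(raw_message):
    """Return [(filename, reason)] for attachments that pose as PDF but are not."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if not looks_like_pdf(name, part.get_content_type()):
            continue  # this check only covers the PDF disguise
        if data.startswith(EXE_MAGIC):
            findings.append((name, "presented as PDF but content starts with MZ"))
        elif name.lower().rstrip(". ").endswith(EXE_SUFFIXES):
            findings.append((name, "double extension ends in an executable suffix"))
        elif not data.startswith(PDF_MAGIC):
            findings.append((name, "presented as PDF but has no %PDF- header"))
    return findings

def build_sample(filename, payload, subtype="pdf"):
    """Constructed test message; addresses, subject and payload bytes are made up."""
    m = EmailMessage()
    m["From"] = "tracking@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = "Your shipment notice"
    m.set_content("See attached.")
    m.add_attachment(payload, maintype="application", subtype=subtype,
                     filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    samples = [("notice.pdf", b"MZ\x90\x00" + b"\x00" * 16),   # disguised EXE
               ("scan.pdf.exe", b"\x00\x01"),                  # double extension
               ("report.pdf", b"%PDF-1.4\n%constructed\n")]    # genuine PDF header
    for fn, body in samples:
        print(fn, suspicious_attachments(build_sample(fn, body)))
```

Because the check reads the attachment's bytes rather than trusting its name or icon, it still works when Windows hides known file extensions from the user.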
© Russ Bellew · Fort Lauderdale, Florida, USA · phone 954 873-4695